Hi

> 185K 8942K SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:1.2.3.4

This rule will change the source address of all the packets going out of the eth0 interface (irrespective of whether they are local packets or forwarded packets).

> I thought this happened only if you create such a rule on NAT::output so local
> connections get natted prior to going out of the box.

The NAT:OUTPUT chain will do a NAT for local packets (i.e. packets generated by the local machine).

> Should I change this to:
> -t nat -A POSTROUTING -i eth1 -o eth0 -j SNAT --to-destination:1.2.3.4 to
> avoid local packets getting natted?

Yes, this should work.

> and last question:
> All packets leaving routing code (local, forwarded) pass through
> POSTROUTING chain at nat table or only forwarded packets?

Yes, all the packets will pass through the POSTROUTING chain.

Prabha
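
Added example, not part of the original message: iptables does not accept an `-i` match in POSTROUTING and SNAT takes `--to-source`, so this sketch selects forwarded traffic by marking it in mangle FORWARD and matching that mark in nat POSTROUTING. The interface names and 1.2.3.4 come from the thread; the mark value 0x1, the `APPLY` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: SNAT only forwarded traffic (eth1 -> eth0), leaving
# locally generated packets with their own source address.
# Assumed values: MARK and the APPLY switch. Interfaces and the
# address are taken from the thread.
LAN_IF=eth1
WAN_IF=eth0
WAN_IP=1.2.3.4
MARK=0x1
APPLY=${APPLY:-0}   # 0 = print the commands, 1 = run them (needs root)

# Print or execute one command depending on APPLY.
run() {
    if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi
}

snat_forwarded_only() {
    # mangle FORWARD only sees routed packets, and the input interface
    # is still known there, so -i is valid. Locally generated packets
    # take OUTPUT instead and never receive the mark.
    run iptables -t mangle -A FORWARD -i "$LAN_IF" -o "$WAN_IF" \
        -j MARK --set-mark "$MARK"
    # nat POSTROUTING sees both local and forwarded packets; matching
    # the mark limits SNAT to the forwarded ones.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" \
        -m mark --mark "$MARK" -j SNAT --to-source "$WAN_IP"
}

# Per-rule packet and byte counters for the nat POSTROUTING chain.
show_counters() {
    run iptables -t nat -L POSTROUTING -v -n
}

snat_forwarded_only
show_counters
```

With `APPLY=1`, the SNAT rule's counters should then rise only for connections that entered on eth1, while traffic originating on the box itself leaves eth0 unmatched.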